Remote smartphone diagnostics: the new Carrier IQ or helpful support tool?

Remote smartphone diagnostics: the new Carrier IQ or helpful support tool?

The importance of privacy has been dwindling for quite some time, and smartphones have become one of the biggest culprits. Allegations against Carrier IQ, location-based tracking, the recent concerns about Path snatching up iOS address book information -- all of these are just a few examples of mobile carriers and other wireless companies taking our personal data, selling it to the highest bidder (or using it for their own purposes) and not bothering to let us know or give us a choice. The last few aspects of our life that we choose not to share on Facebook seem to get out into the ether, whether we like it or not. And here's the scarier part: there may be companies grabbing information off of our phones right now without us knowing about it.

Too much of a doomsday scenario? Perhaps, but it's important to drive home the point that it has become so outrageous over the past year that we can't help but become nervous anytime we download an app or type in a password. Is our phone secure? How can we really be sure? Can we really trust (insert carrier or manufacturer name here)? This week, the very same situation is resurfacing as Verizon and HTC have made significant moves to install remote diagnostic tools on select devices. It's all done in the name of customer support, but how can we tell this isn't just another sneaky way of snagging our personal deets and selling them to a third party without telling us? We wanted to find out, and here's what we've learned so far.

Backstory

Last November, the words "Carrier IQ" transformed from an unknown company into the tech industry's equivalent of a four letter word in a matter of hours. In short, thanks to a keen-eyed developer, it was discovered that several manufacturers and mobile operators had pre-installed software on their devices that were capable of gathering heaps of personal data. What it did with that information was left to the discretion of Carrier IQ's individual customers -- that is, the companies responsible for making and selling the phones.

When put on the hot seat by Senator Al Franken, manufacturers pointed the fingers of blame at the carriers, claiming that the software was installed under their direction. Caught red-handed, the networks accepted the responsibility but didn't go far as to admit any guilt in the matter, instead explaining that only limited amounts of data were collected for the purpose of patching up holes in coverage and discovering inefficiencies in their wireless networks. See, it's all for the customers, right? The operators legitimized this by showing off vague portions of their privacy policy, saying that this shouldn't have caught the customer off-guard since they'd accepted the terms of service before using their phone.Fast-forward four months. This controversy has finally died down, just in time for a new one to take its place. For this go-round, it's in the form of remote diagnostics. Just last week HTC announced that its phones will soon come pre-loaded with LogMeIn Remote, a client that's no stranger to the field of mobile diagnostics. Additionally, Verizon is in the process of updating the LG Revolution and Samsung Droid Charge with a similar tool made by a lesser-known company called AetherPal. So what's this all about?The premise is simple and inviting: if your phone is misbehaving or acting strange, all you need to do is call into tech support and the representative can access your phone from afar, view the same exact screens that you see and run some diagnostics tests to determine exactly what's wrong. If this sounds familiar, you've likely had a support rep do the same kind of thing on your PC. In theory, these apps are supposed to increase customer satisfaction and lower the number of costly returns and warranty replacements. And in a day and age in which most companies are trying to cut costs in any way possible, this all sounds like a magical way of hitting two birds with one stone.

If you're a natural skeptic (or the owner of a CIQ-crippled handset), you're likely looking at this with a heavy dose of hesitancy. That's exactly how we felt, too -- we immediately started looking for the bad. There has to be an ulterior motive, after all. HTC and Verizon are being unusually transparent about their intent to set up remote diagnostics, and it's hard to tell if their attempts to gain favor with the average consumer are genuine. The idea of a mobile operator installing an app that gives it even more access to our phone's contents is understandably cringe-worthy. What will HTC and Verizon have access to now? Can these pre-loaded apps peer into any of our personal information? Is it an opt-out service? Most importantly, can we get rid of it? We reached out to both companies for more answers, and they were happy to oblige.

HTC

Will the app only be accessed by HTC customer support/tech support reps? Will third parties be given access?

The primary purpose for LogMeIn (LMI) Rescue is for HTC customer support representatives. If the HTC support representative decides that Remote Assistance would be helpful, the representative will first ask the customer for permission and explain the benefits. Prior to a session commencing, a customer will need to accept the Terms and Conditions for the remote support session and must enter a PIN code which is generated by the technician.

A secondary purpose is for IT organizations that want to use LMI to support their customers'/employees' devices. As LMI Rescue will be pre-embedded on HTC phones, it's an opportunity for any organization or enterprise that would like to take advantage of LMI Rescue to support their customers and may do so by obtaining technician licenses from LMI directly.

Is it all opt-in? Will it give us the chance to accept/reject before the rep can get in?

No connection can be made to the app by any technician unless the PIN is entered by the customer and the customer accepts the Terms and Conditions. Customers have complete control over the app: only the customer can launch the app and only the customer is able to give a technician access.

When they look at your phone, will you be able to see exactly what they're looking at?

LogMeIn Rescue allows remote diagnosis, configuration and control. If the customer agrees to grant the HTC technician to view the device, the technician and the customer will see exactly the same screen in order to be able to more effectively identify the problem. The technician will see exactly what the customer sees and vice versa.

Does the LogMeIn client have the ability to run in the background when a rep isn't using it?

The app is only running when the customer launches the app during a remote assistance session after the PIN is entered by the customer and the customer accepts the Terms and Conditions. During a session the customer can exit, disconnect, end or pause display sharing at any time.

Can the app be uninstalled if the owner of the phone doesn't want it?

This is a pre-embedded system application, so it can not be uninstalled (without root). Our hope is that people have a great experience with their phone and never even need LMI Rescue, but if an issue arises that requires Remote Assistance, it will be there and a support representative can leverage it to get the end user back using the phone normally as quickly as possible.

Verizon

Now that we're seeing the remote diagnostics tool come to the LG Revolution and Samsung Droid Charge, can we expect to see it on more devices going forward?

The Revolution and the Charge are the first to receive support for this tool. We plan on bringing support for some more devices this year.

Will the app only be accessed by Verizon customer support/tech support reps? Or will there be any other third party given access?

No third parties, only Verizon Wireless customer support.

Is it all opt-in? Will it give us the chance to accept/reject access before the rep can get in?

Customers with a Revolution by LG or Droid Charge by Samsung who call customer service are not required to use the tool. The tool will not run unless a customer gives explicit permission during a call with customer support. If customer support suggests using the tool as a way to diagnose a problem the customer will see a notification on their device after customer support initiates the Verizon Remote Diagnostics tool. A customer will then see a permission request directly on their device along with "terms and conditions" and an "Accept" or "Reject" button. A customer will need to select "Accept" in order for the tool to run. Customers are free to select "Reject" and the tool will not run.

Customers will also be given a 4-digit PIN by customer support and that PIN must be entered in the device by the customer in order for this to work.

Additionally, access controls are in place for certain apps like email, messaging, etc. Customer support will need to request additional access and customers needs to grant access prior to support being able to troubleshoot issues around those apps. If a customer rejects the tool, customer support will help the customer without using the tool.

When the rep looks at our phone, will we be able to see exactly what they're looking at?

Customer support will see the screen similar to the PC remote experience. We do hide the screen from customer support if a password is needed to be entered into an app or web page.

Does this app have the ability to run in the background when a rep isn't using it?

The tool does not run in the background. It will only run when a customer calls customer support and gives permission to use the Verizon Remote Diagnostics tool.

Can the app be uninstalled or deleted if the phone's owner doesn't want it?

It's part of the new software update that is being pushed and cannot be removed, but it does not run in the background. It only runs when a customer calls support and gives permission to use it.

So what's the catch?

Both companies answered the burning questions satisfactorily, and as long as they're wholly truthful, it seems that customers in need of tech support could certainly stand to benefit from these tools. As HTC and Verizon mentioned above, neither app can run in the background, and the phone can only be accessed remotely when the customer accepts the transaction and types in a special numeric PIN unique to that particular session. Once in, users are able to see exactly what the support rep is looking at, and the screen is hidden from the remoting party anytime we're asked to type in a password of any kind. With these precautionary measures in place, the likelihood of personal info getting into the wrong hands seems to be pretty low.

That doesn't mean the idea is completely flawless, though. In fact, there are two catches we find utterly atrocious. First, these apps aren't uninstallable. Just like any standard piece of bloatware, you can't get rid of it. If you purchased an LG Revolution or Samsung Droid Charge and ever want to update your phone to the latest bug fixes and software upgrades, you're going to get Verizon's AetherPal diagnostics client whether you like it or not. This is such a large contrast to most similar tools used on a PC, which gives you the opportunity to download an app when prompted by the support rep and lets you throw that program into the Recycle Bin at the end of the session.

There will always be excuses as to why such programs can't simply be deleted from your handset if you don't want them: it's a system application and the phone won't run properly without it, the app isn't available for download on Google Play or perhaps the company believes it's just a matter of convenience to the phone's owner when they don't have to re-download the app anytime they want to call into support. But the fact remains that if the program is stuck on our devices and we can't get rid of it, there will always be suspicions of foul play. If we delete the app and regret it later, there are plenty of alternative methods to retrieve it if necessary.

The second catch involves the kind of information the apps can look at. We're still completely in the dark about what stuff can be accessed. HTC and Verizon both assure us that the support reps only see exactly what we see, but that doesn't mean there couldn't be something else occurring behind the scenes. Our awareness of what's really involved will likely come in due time as savvy developers explore the inner workings of both programs, but for now we're left to just take the companies' word for it.

Wrap-up

While we remain a little uneasy about the concept of remote diagnostics tools on our phones, we'll give kudos to HTC and Verizon for being transparent. We constantly have to worry about what companies are attempting to access personal data on our phones or tablets without our knowledge and permission, practices that rarely serve any benefit to the owner of that device. LogMeIn and AetherPal, on the other hand, could actually offer some degree of purpose and usefulness while providing proper measures to keep your own information safe.

The best part is that, unlike the Carrier IQ debacle, we know ahead of time that these apps are getting pushed to our handsets and we know exactly what they're supposed to be used for. The bad news is that it's still forced upon us, and the only way we can get rid of it is to root our device, a technique that many users won't be familiar or comfortable with. It's a tough situation to be in, since it means we have to take these companies at their word and trust their insistence that no third parties get to dive in and have a peek at your stuff. Forgive us for being just a little paranoid, but as the saying goes, fool us once, shame on you. Fool us twice and, well, prepare for a consumer revolt.